PYSEC-2025-40

A vulnerability in the preprocessstring function of the transformers.testingutils module in huggingface/transformers version v4.48.3 allows for a Regular Expression Denial of Service ReDoS attack. The regular expression used to process code blocks in docstrings contains nested quantifiers, leadin...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a missing length check in the JSReadString function. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - GitHub Commit - GitHub Issue - GitHub Issue -...

DEBIAN-CVE-2025-2174

A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbistrndupiconvucs2 of the file src/conv.c. The manipulation of the argument srclength leads to integer overflow. The attack can be launched remotely. The exploit...

kernel: of: module: prevent NULL pointer dereference in vsnprintf()

A null pointer dereference vulnerability was found in vsnprintf when str and len parameters are passed to vsnprintf, which only allows passing a NULL ptr when the length is 0. This issue can result in a crash and damage to availability...

CVE-2023-48194

Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing setclientqos, control over the gp register can be obtained...

DEBIAN-CVE-2023-52614

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in transstatshow Fix buffer overflow in transstatshow. Convert simple snprintf to the more secure scnprintf with size of PAGESIZE. Add condition checking if we are exceeding PAGESIZE and exit ear...

PT-2023-7351 · Perl +2 · Perl +2

Name of the Vulnerable Software and Affected Versions: Perl versions 5.30.0 through 5.38.1 Description: The issue is related to the S parse uniprop string function in regcomp.c, which can write to unallocated space due to mishandling of a property name associated with a regular expression...

DEBIAN-CVE-2023-38855

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the getstring function in xlstool.c:395...

PT-2023-26637 · Libxls +1 · Libxls +1

Name of the Vulnerable Software and Affected Versions: libxlsv version 1.6.2 Description: The issue allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get string function in xlstool.c:411. Recommendations: For libxlsv version 1.6.2,...

libcap: Integer Overflow in _libcap_strdup()

A vulnerability was found in libcap. This issue occurs in the libcapstrdup function and can lead to an integer overflow if the input string is close to 4GiB...

kernel: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf()

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf snprintf returns the would-be-filled size when the string overflows the given buffer size, hence using this value may result in the buffer overflow although it's...

GeoServer SQL注入漏洞

GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions prior to 2.21.4, 2.22.2 and 2.22.2, which stems from abuse of strEndsWith, strStartsWith and PropertyIsLike...

SUSE CVE-2017-9120

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service buffer overflow and application crash or possibly have unspecified other impact via a long string because of an Integer overflow in mysqlirealescapestring...

SUSE CVE-2017-13743

There is a buffer overflow in Liblouis 3.2.0, triggered in the function loushowString in utils.c, that will lead to a remote denial of service attack...

SUSE CVE-2018-14456

An issue was discovered in libgig 4.1.0. There is an out-of-bounds write in the function DLS::Info::SaveString in DLS.cpp...

SUSE CVE-2018-16418

A buffer overflow when handling string concatenation in utilacltostr in tools/util.c in OpenSC before 0.19.0-rc1 could be used by attackers able to supply crafted smartcards to cause a denial of service application crash or possibly have unspecified other impact...

CVE-2022-33185. Several commands in Brocade Fabric OS use unsafe string function to process user input

Several commands in Brocade Fabric OS before Brocade Fabric OS v.9.0.1e, v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account...

PT-2022-25023 · Pspp +1 · Pspp +1

Name of the Vulnerable Software and Affected Versions: PSPP version 1.6.2 Description: An issue was discovered that allows attackers to cause a denial of service or possibly have other unspecified impacts due to a heap-based buffer overflow at the read string function in utilities/pspp-dump-sav.c...

CVE-2021-27790

The issue (CVE-2021-27790) affects Brocade Fabric OS and centers on the ipfilter command. The vulnerability arises from the use of an unsafe string function to process user input, enabling stack-based buffer overflows. Exploitation requires authentication and leads to the possibility of arbitrary...

GHSA-F98M-Q3HR-P5WQ Prototype Pollution in locutus

All versions of package locutus prior to version 2.0.12 are vulnerable to Prototype Pollution via the php.strings.parsestr function...